Perhaps the problem is because the binary "C:\aa.exe" hasn't existed yet (or has already been deleted) at the time the call is being performed. The binary must exist because CallbackFS, before adding the process name to the "access granted/denied" list, tries to resolve all possible symbolic links in the path.
So either add only the name of the binary (without the path) or ensure the binary exists.